Update Input object handling and spec

rmosolgo · rmosolgo · commit 9de21ed34225 · 2026-05-05T12:05:53.000-04:00
diff --git a/lib/graphql/execution/field_resolve_step.rb b/lib/graphql/execution/field_resolve_step.rb
@@ -192,8 +192,11 @@ def execute_field
             else
               begin
                 err ||= GraphQL::UnauthorizedFieldError.new(object: o, type: @parent_type, context: ctx, field: @field_definition)
-                authorized_objects << query.schema.unauthorized_field(err)
-                authorized_results << @results[i]
+                new_obj = query.schema.unauthorized_field(err)
+                if !new_obj.nil?
+                  authorized_objects << new_obj
+                  authorized_results << @results[i]
+                end
               rescue GraphQL::ExecutionError => exec_err
                 add_graphql_error(exec_err)
               end
diff --git a/lib/graphql/execution/input_values.rb b/lib/graphql/execution/input_values.rb
@@ -113,7 +113,7 @@ def argument_value(argument_values, argument_key, argument_definition, arg_value
         end
 
         if treat_as_type.kind.list? && !arg_value.nil?
-          inner_t = treat_as_type.unwrap
+          inner_t = treat_as_type.of_type
           arg_value = if arg_value.is_a?(Array)
             values = Array.new(arg_value.size)
             arg_value.each_with_index { |inner_v, idx| argument_value(values, idx, argument_definition, inner_v, inner_t, field_resolve_step)}
@@ -221,24 +221,40 @@ def value_from_ast(value_node, type)
 
         elsif type.kind.input_object?
           coerced_obj = {}
-          arg_nodes_by_name = value_node.arguments.each_with_object({}) do |arg_node, acc| # rubocop:disable Development/ContextIsPassedCop
-            acc[arg_node.name] = arg_node
-          end
-
-          @query.types.arguments(type).each do |arg|
-            arg_node = arg_nodes_by_name[arg.graphql_name]
-            arg_key = arg.keyword
-            if arg_node.nil? || (arg_node.value.is_a?(Language::Nodes::VariableIdentifier) && !variable_values.key?(arg_node.value.name))
-              if arg.default_value?
-                coerced_obj[arg_key] = arg.default_value
+          if value_node.is_a?(Hash)
+            @query.types.arguments(type).each do |arg|
+              arg_value = value_node[arg.keyword]
+              arg_key = arg.keyword
+              if arg_value.nil?
+                if arg.default_value?
+                  coerced_obj[arg_key] = arg.default_value
+                end
+                next
               end
-              next
+
+              coerced_obj[arg_key] = value_from_ast(arg_value, arg.type)
+            end
+          else
+            arg_nodes_by_name = value_node.arguments.each_with_object({}) do |arg_node, acc| # rubocop:disable Development/ContextIsPassedCop
+              acc[arg_node.name] = arg_node
             end
 
-            arg_value = value_from_ast(arg_node.value, arg.type)
-            coerced_obj[arg_key] = arg_value
+            @query.types.arguments(type).each do |arg|
+              arg_node = arg_nodes_by_name[arg.graphql_name]
+              arg_key = arg.keyword
+              if arg_node.nil? || (arg_node.value.is_a?(Language::Nodes::VariableIdentifier) && !variable_values.key?(arg_node.value.name))
+                if arg.default_value?
+                  coerced_obj[arg_key] = arg.default_value
+                end
+                next
+              end
+
+              arg_value = value_from_ast(arg_node.value, arg.type)
+              coerced_obj[arg_key] = arg_value
+            end
           end
 
+
           coerced_obj
         elsif type.kind.leaf?
           if type.kind.enum?
diff --git a/lib/graphql/schema/argument.rb b/lib/graphql/schema/argument.rb
@@ -165,8 +165,8 @@ def visible?(context)
         true
       end
 
-      def authorizes?(_context)
-        self.method(:authorized?).owner != GraphQL::Schema::Argument
+      def authorizes?(context)
+        self.method(:authorized?).owner != GraphQL::Schema::Argument || type.unwrap.authorizes?(context)
       end
 
       def authorized?(obj, value, ctx)
diff --git a/lib/graphql/schema/input_object.rb b/lib/graphql/schema/input_object.rb
@@ -113,6 +113,10 @@ def validate_for(context)
       end
 
       class << self
+        def authorizes?(ctx)
+          self.method(:authorized?).owner != GraphQL::Schema::InputObject
+        end
+
         def authorized?(obj, value, ctx)
           # Authorize each argument (but this doesn't apply if `prepare` is implemented):
           if value.respond_to?(:key?)
diff --git a/spec/graphql/schema/input_object_spec.rb b/spec/graphql/schema/input_object_spec.rb
diff --git a/spec/support/jazz.rb b/spec/support/jazz.rb
